While a survey last summer showed that 64% of Europeans are worried about the EU’s security, on Tuesday 1 April, the European Commission presented a new ‘Internal Security Strategy for the EU’ for the next five years.
Responding to new threats recently identified in a report submitted by Europol, the EU’s police cooperation agency (see EUROPE 13602/9), this strategy aims to tackle crime that has “changed significantly”, with new hybrid threats in particular, explained Vice-President Henna Virkkunen and European Commissioner for Internal Affairs and Migration, Magnus Brunner, in Strasbourg.
The ‘Strategy’ proposes a range of legislative and non-legislative plans, while identifying seven areas for action (a new European governance for internal security, anticipating security threats through new ways of sharing intelligence, more effective tools for law enforcement and stronger agencies, building resilience to hybrid threats, the fight against serious organised crime, the fight against terrorism and violent extremism, the EU as a strong global player in security).
The revision of Europol’s mandate in 2026 to make it fully operational and to fully support the requests of Member States is, however, the flagship measure of this Strategy, as is the work anticipated for 2026 on encryption or the completion of an impact study in 2025 on a possible overhaul of the current rules on the retention of personal data. In both these cases, the aim is to facilitate police work and legal access to this encrypted data.
The European Commission will also study the feasibility of a new EU-wide system for monitoring terrorist financing.
On the subject of encryption, the Vice-President explained that the ‘Encryption Technology Roadmap’ planned for 2026 should make it possible to “see what can be done” on this highly sensitive subject. This work, which is part of a long-standing debate within the European Commission, will have to identify and evaluate technological solutions enabling legal access to data covered by encryption.
With regard to hybrid threats and the resilience of critical infrastructures, whether they be physical or digital, the European Commission will revise the 2025 Cybersecurity Act, identify new measures for the use of the Cloud under cybersecurity conditions, and propose a strategy for ports.
With regard to Europol, “we propose to make Europol a catalyst for European security by doubling its staff, strengthening its mandate and improving its effectiveness”, said Magnus Brunner.
The European Commission is of the opinion that several “factors prevent Europol from fully reaching its operational potential: [...] they range from an insufficient level of resources to the fact that its current mandate does not cover new security threats, such as sabotage, hybrid threats or information manipulation”.
“The aim is to bolsterEuropol’s technological expertise and capacity to support national law enforcement agencies, to enhance coordination with other agencies and bodies and with Member States, to reinforce strategic partnerships with partner countries and the private sector”, explains the Commission. The complementarity of EU agencies and bodies responsible for internal security will also be on the agenda. Eurojust’s mandate will also be strengthened in 2026 to improve its work with Europol.
Link to the communication: https://aeur.eu/f/g6w (Original version in French by Solenn Paulic)